How to know which application is sending udp data packet using wire shark?please help. i want to track which application is sending or receiving udp data packets in my pc, i tried filtering udp packets, but i am not able to track the root application .please give me a solution for this. This question is marked "community wiki". asked 28 Oct '13, 02:44  shafaquatbari converted to question 28 Oct '13, 03:05  grahamb ♦ |
2 Answers:
Well, it's a multi-step process. Here's one way. At the same time that you are capturing the Wireshark trace, also capture the output from netstat (more on that in a minute) on the host that's using the UDP connection you are interested in. Filter the Wireshark trace to find the UDP packets of interest. Look at the port number being used in those UDP packets. Find that port number in the netstat output. You might see something like 143.169.14.133:51126 (where 51126 is the port number in this case), and then note the PID (Process ID) given on the same line. The PID will identify the running application that is using UDP to communicate. You can find the application based on the PID on the Processes tab in Windows Task Manager. The parameters used on netstat will vary depending on the host operating system. For Windows, something like "netstat -a -o -p UDP > netstat.out" should do the trick. answered 28 Oct '13, 08:49  griff |
If the pc is running windows you can try using Message Analyser from Microsoft as that captures the sending process along with the network traffic. answered 28 Oct '13, 08:55 grahamb ♦ |
